[Info-vax] Python and various libraries updated

Arne Vajhøj arne at vajhoej.dk
Thu Aug 6 10:51:12 EDT 2020 

On 8/6/2020 9:51 AM, Jean-François Piéronne wrote:
> Le 06/08/2020 à 15:04, Arne Vajhøj a écrit :
>> On 8/6/2020 1:42 AM, Jean-François Piéronne wrote:
>>>                                                              There are
>>> many libraries/tools with a license which required you to publish the
>>> sources like GPL for examples, SAMBA is one of them as mentioned by
>>> Craig.
>>
>> Strictly speaking it only requires you to provide the source to those
>> that got the binary and allows those getting the source to redistribute
>> it to everybody. But that is practically the same as publish public.
>>
>> My complaint was about your statement "a port without release sources
>> updates is not a contribution, it is a license violation" without any
>> note about that it only applies for some licenses. That was misleading.
> 
> You're right, they don't violate license of all products, just for some.
> 
> If this makes you happy and you think that's VSI has a great
> contribution to the open source world that's your choice.
> 
> But for me a port without release any sources is not contributing to the
> open-source world, it is just a contribution to the VSI business.

You should not be surprised by the fact that a commercial entity like
VSI seek to make money.

They should of course comply with all license rules.

And it is likely in their best interest long term to
support the open source community.

>>> I suggest you list all the VSI ports and give us how many doesn't
>>> violate the associated license, and how many violate their license...
>>
>> I am not the one that claims that they are violating any license.
>>
>> I am assuming VSI is complying with all licenses.
>>
>> Those that think otherwise should raise the issue.
>
> And what am I doing ?
> 
> Each time we have asked for VSI to publish updates the reply has been:
> no, sorry no time.
> 
> But, again, if you're happy with this, no problem, and in fact, I know
> many customers who have no problems with this.
> 
> If you want other examples: stunnel ,openjdk
> """
>   Stunnel uses the OpenSSL library for encryption and is distributed
> under the GNU GPL version 2 license or later with an OpenSSL exception.
> """
> 
> """
>   OpenJDK is licensed under the GNU General Public License (GNU GPL)
> Version 2 with a linking exception such that components linked to the
> Java Class library are not subject to the terms of the GPL license.
> """
> 
> Just found this in a few minutes.

I think you are pretty vague in a claim that they are
violating licenses.

OpenJDK is indeed under GPL and GPL with CPE. And VSI has released
OpenJDK 8 for VMS. That is common knowledge.

VSI not having put up the source for their changes on public HTTPS or
SFTP server is not a license violation.

If someone that has received a binary version, make a formal request for
the source code and don't get it, then there is a problem.

But that is not very clear from what you write.

If someone said: I downloaded OpenJDK 8 for VMS from VSI June 1st,
I made a formal request to VSI June 15th for the source code, June 30th
I got a reply from them signed by XXX saying that they could not provide
the requested. Then that would be specific. And a problem for VSI.

> But, I agree for those under, for example, the Apache 2.0 license, you
> are allowed to distribute binaries without providing the source code
> with it.

Anything under a permissive license would be fine. Apache httpd, Python 
etc..

> Maybe I should have said that the contribution of VSI to the open-source
> world is so light that it is near null, I don't think that's change the
> facts.

If you had said that you think VSI has a moral/ethical problem of
using a lot of open source and not giving enough back to the open
source community then that would have been a completely different
topic than claiming that they are violating licenses.

Arne

More information about the Info-vax mailing list